Back to

Follow Up


This component allows an auditor to explain and get feedback on their report as well as evaluate the success of the process over time through a continued relationship with the host.

This component consists of the final meeting with the host and following up with them after a period of a few months to see if they need further assistance, are willing to share their experience working with any of the recommended resources, or as new resources are identified.


Follow up can be a valuable tool for encouraging an organization to continue their digital security process. But, follow up needs to be desired by an organization and achievable for the auditor. As such, follow up must be minimally intrusive on both the auditor and the host's time.

Guiding Questions

    • What are the barriers the organization faced in implementing the recommended risk mitigation plan?
    • Are there new resources that the auditor can provide to supplement the original audit?
    • What can you do to make your follow up perceived as additional support instead of as an evaluation of their success?

Operational Security

  • In addition to ongoing secure communication practices, check for any changes in keys or other authentication changes. If these occur re-verify this information using out of band means.


    Baseline Skills

    • Secure communications options to conduct follow-up discussions with organization



References and resources for Follow Up